4
all of IT-mediated communication and acti
taking place is offen referred 0 as “Cyber space”. Cyber space cand
spatially located. It is made up of intangible objects, such as your website th
social networks, email account personal information and —repy.'%
Cyberspace can be thought of as a global electronic village with instant Mt
communication and no geographical bar 6
Concept of Cyber Space
The virtual space in which
The Proliferation of IT and the Need for Regulation of Cyber Space
The proliferation of ‘IT’ has resulted in a concomitant proliferation of comp,
crime and other forms of unauthorized access to computers, computer syste
Gnd computer data, The protection of the integrity of all types and fon
lawfully created computers, computer systems, and computer data is vital tg
protection of the privacy of individuals as well as to the well-being of financg
institutions, business concerns, governmental agencies, and others that lawfyy
utilize those computers, computer systems, and data’, The laws governing iy
physical world are, however, inept at governing transactions in cyber spag
where the subject matter often is an intangible object such as one’s email «
Facebook account or website or virtual currency or personal information. Th
regulation of the cyber space, thus, requires specialised laws.
CYBER CRIMES
Cybercrime encompasses any crime involving a computer system or network,
where such system or network is
(i) A Victim of Crime
Where the computer system or its network is the target of the offence,
For example: theft, physical sabotage, violation of intellectual propery
rights, destruction of information, efc.
(ii) A Tool of Crime
Where a computer system or network is being used as an instrument t
commit crime. For example: illegal transactions online, credit car
frauds, etc.
(iii) A Repository of Evidence Related to the Crime
Where the computer can help obtain information, which, assists it
investigation and prosecution of the crime,
cf
te
L. ‘Cyber space’ is referred to as a mere virtual space where computer-mediated communication. ake
place but which may not be spatially located, Prof. Andreas Zimmermann, University of Potsdatt
ance auional Lav’ and Cyber Space, Vol 3, Issue 1, European Society of Intemationl Law
‘Available at: http://www esil-sedi.eu/node/481 Accessed on: 20 August, 2014. |
2, Than global electronic village” was coined by Marshall McLuhan in his books ‘The Get"
Gay: The Making of Typographic Man’ (1962) and "Understanding Media (1961) Fi
43, Section 502, California Penal Code: Unauthorized Access to Computers, Computer Systems
Computer Data.
@ scanned with OKEN Scanner‘17’ has made life easier, It has also made crime easier. ‘IT’ obliterates the
need for actual physical contact to commit a crime. Crime may be committed
anywhere from any Place through the internet. Another problem is that of
anonymity. Cybercriminals can maintain anonymity with ease. It requires highly
sophisticated equipment and a specialised skill set to identify anonymous cyber
criminals. Cyber criminals face low entry barriers due to the low cost of IT, and
the ease with which the commission of cybercrimes can be learnt. For example,
malware toolkits are now casily available,
JT” has also given birth to new kinds of criminal activity. Criminals use ‘IT’ to
commit both tradition I crimes (embezzlement, cheating, theft, efc.) and new age
crimes (denial of service attacks, computer hacking and data theft, efc.). The
involvement of the computer is not limited to the basic computer crimes only but
itis also widely used in a broad range of other crimes such as organised crimes,
white collar crimes, drug trafficking, frauds, forgeries, kidnappings, extortion,
cabling, software piracy etc.
Yet another problem for legislation is the moral ambiguity of some of the
crimes or bad behaviour. Many a time, the criminals (and also the victims) are
not even aware that they are committing a crime. Email spamming, identity theft
with no financial implications and cyber stalking are examples of such kind of
behaviour.
Misuse of ‘IT” has given rise to various risks to individuals, organisations and
governments alike:
(i) Financial Risks: through credit card fraud, phishing and salami attacks.
(i) Risk to Information: through hacking.
i) Individual Risk: through net extortion, online defamation, cyber
stalking, identity theft and cyber bullying.
(iv) IPR Violations: software piracy, cybersquatting, copyright and
trademark infringement.
(v) Risk to Computers/ Computer Systems, efc.: through denial of service
attacks, viruses and e-mail spamming.
(vi) Rise in Online Illegal Activity: sale of illegal items like drugs, online
gambling and pornography.
(vii) Risk to Government: through cyber terrorism, cyber warfare, cyber
spying and hacking of government websites.
CYBER Laws J
Limitations of Traditional Law and Need for a Separate Law for
Cyber Crime
Traditional laws pose several constraints in dealing with cyber-crimes:
(@® Jurisdictional Issues: Cyberspace has no geographic boundaries. A
cybercrime may be committed by a person in any other country or it
may be committed using a computer system or network located in
@ scanned with OKEN ScannerMw) ;
N
gece
another country. While the Indian Penal Code, Se ae for bot
territorial and extra-territorial isd ; i A Sritorig
jurisdiction is limited to offences committed by i ne ae This
Teaves ambiguity in the applicability of the penal aaa ih he Fences
that may be committed by foreign nationals over ser a Be ay their
impact is felt in India, This ‘transnational ea yl : al also
requires greater international cooperation. Investiga ion " me in
other countries and arrest of cybercriminals of other nationa ities wif]
require established extradition treaties and special permissions,
ii) Inapplicability of Conventional Definition :
| eyhettsack involve intangible objects. This creates problems where
.V" conventional definitions of crimes are involved. For instance, the
«__ definition of tyespass’ requires actual phys al entry for convietion*,
~ Consittictive entry upon the property is not within the meaning of this
x Section, In the case of cyber trespass, or hacking, where there is no
* actual entry into the physical territory where the computer is located,
this definition would fail. Similarly, the offence of theft’ is made out
When there exists an intent to remove from possession. Therefore, for
data to be stolen, it would have to be removed from the Possession of
the owner. If the offender were to simply copy the data onto a pen drive
without erasing or modifying the original data in any way, then it may
Not constitute ‘theft’
under the traditional definition of the term.
) Creation of New Crimes: C
Most crimes jn
»
4. Section 4, Indian Penal Code, 1860,
Extension of Code to Ea
‘din India wherever it may be."
Criminal Trespass
Whoever enters into or upon property
aflence oo mide, Heeh BOPEY inthe possession of tothe wih ie 0 commit an
Ste prapenyPEtSO in possession of such properts, on having
son only remains there wither thers
“criminal trespass. a"
Rash Behari Chaerjee v. Fagu Shaw &
1960 Cal 189; Krishna Deo Gaur:
Publishing, 2009, at Page 743,
Section 378. Indian Penal Code, 1860.
Theft
“Whoever, intending 1 take dishonesty any movab
without that person’ s consent, move rer Inert Out ofthe possession o tog
thee + moves that Bropeny in order ta suoh ek tse arn
See Sections 43 (e), 43 (f) and ‘66F (1AM), IT Act, 2000.
@ scanned with OKEN ScannerEe
law. Similarly, the IT Act elevates the offence of denial of access and
introducing computer viruses with the intent of striking terror in a
section of people to the status of ‘cyber-terrorism’ and provides for
significant punishment for the same, Under section 66F of the IT Act,
the provision relating to eyber-terrorism, is worded similar to Section 3
of the Prevention of Terrorism Act, 2002”, ‘
Issues with Gathering Evidences The intan
and cybercrime makes: traditional
inadequate. The ‘scene of crime’ in cyberspace is completely virtual
and so is the object of the crime (data/ information). Additionally, this
type of evidence ean be modified very easly, For example, a crininal
may set up a program which erases all evidence from the computer if it
s accessed by someone other than himself. In this case, mere access to
the computer may erase the evidence. Therefore specific rules are
required for extraction of evidence and maintaining its’ authenticity.
(¥) Anonymity of Netizens: A cybercriminal can easily guard his identity.
A cybercriminal can use fake identities or create identity clones, for
example. This makes gathering of evidence difficult.
(vi) Monitoring of Crime: The sheer volume of information involved and
being processed every second makes monitoring and tracking of crime
very difficult. Countries like United States of America, including India,
have put in place extensive internet surveillance programmes to deal
with this issue. However, such programmes can also be extremely
invasive in the personal lives of individuals, raising questions regarding
the protection of privacy. For example, India’s Central Monitoring
System (CMS), described as the Indian version of America’s PRISM, is
a mass electronic surveillance data mining program which will give
India’s security agencies and income tax officials centralized access to
India’s telecommunications network and the ability to listen in on and
record mobile, landline and satellite calls and’ voice over Internet
Protocol (VoIP), read private emails, SMS and MMS, and track the
geographical location of individuals, all in real time. It can also be used
to monitor posts shared on social media such as Facebook, LinkedIn
and Twitter, and to track users’ search histories on Google, without any
gible nature of cyberspace
I methods of gathering evidence
9. Section 3. Prevention of Terrorism Act, 2002
Punishment for Terrorist Acts:
“() Whoever, — : ”
(a) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in
the people or any section of the people does any act or thing by using bombs, dynamite or other
explosive substances or inflammable substances or firearms or other lethal weapons or poisons or
noxious gases or other chemicals or by any other substances (whether biological or otherwise) of
a hazardous nature or by any other means whatsoever, in such a manner as to cause, or likely to
cause, death of, or injuries to any person.or persons oF loss of, or damage to, or destruction of,
Property or disruption of any supplies or services essential tothe life ofthe community =
damage or destruction of any property or equipment used or intended to be used forthe defense of
India or in connection with any other purposes of the Government of India, any Sate Governmént
or any of their agencies, or detains any person and threatens to kill or injure such person ino
tocompel the Government or any other person to do or abstain from doing any act."
@ scanned with OKEN Scanneroversight by courts or Parliament. The intercepted data may be Subject
to pattern recognition and other automated tests to detect emotional
markers, such as hate, compassion or intent, and different forms of
dissent. Telecom operators in India are obligated by law to give access
to their networks to every legal enforcement agency.
One of the primary concerns raised by experts is the sheer lack of
public information on the project. There is no official word from the
vernment about how government bodies or agencies will use this
information; what percentage of population will be under surveillance;
etc. There is also no legal recourse for a citizen whose personal details
are being misused or leaked from the central or regional database,
Unlike America’s PRISM project under which surveillance orders are
approved by courts, CMS does not have any judicial oversight'’. There
is thus need for extensive legislation on surveillance,
(vii) Evidentiary value of Electronic Information: The extensive use of
‘IT’ for communication and documentation raised a new question on
the admissibility of electronic evidence. If a person was being stalked
online, can copies of e-mails or screenshots of chat room messages by
the stalker be admissible as evidence? The pre-amendmended Indian
Evidence Act, 1872 recognised only two types of evidence!!-
documentary evidence (i.e., paper based evidence) and oral evidence
(testimonials of witnesses).
(viii) Validity of Online Transai Traditional law does not deal with
the validity of e-contracts, digital Signatures, e-commerce, etc, For
example, is a contract entered into through e-mails legally valid? Can it
be enforced in a court of law?
Thus, the need was felt to promulgate specialised |;
following:
laws to provide for the
“(i) Setting clear standards of behavior for the use of computer devices;
(ii) Deterring perpetrators and protecting citizens;
(iti) Enabling law enforcement investigations wh
privacy;
(iv) Providing fair and effective criminal justice Procedures;
(v) Requiring minimum protection standards in areas such as q,
handling and retention; and ‘ata
ile Protecting individual
10. Critique of CMS by Dr Anja Kovacs, Project Director at Intemet Democ
NGO working for online feedom of speech and related issues, Se Tndia's Conrad ns G8
System: Security can't come at cost of privacy, Available at: htpifech, firstpost.comi or"
analifingia-central-moitoring-ystem-securty-cant-come-at-costof privacy 21036 he
‘Accessed on 23 August, 2014,
11. Section 3, Indian Evidence Act, 1872
12, Draft Report tiled, Comprhensive Study on Cybererine, United Nations Ocean Devs a
Crime, February 2013, at Page 52. :
sacy Project, Delhi bao
@ scanned with OKEN Scanner(vi) Enabling cooperation between countries in criminal matters involving
cybercrime and electronic evidence.”
EVOLUTION OF CYBER Law
Early Cyber Laws: The Computer Misuse Act, 1990 of Great Britain
In the case of R v. Gold & Schifreen'® the defendants had gained unauthorised
access to a computer network. The defendants were charged under the Forgery
and Counterfeiting Act, 1981 for ‘defrauding’ by manufacturing a. ‘false
instrument’. It was held by the House of Lords that:
“We have accordingly come to the conclusion that the language of the Act
was not intended to apply to the situation which was shown to exist in this
case. ...
The Procrustean attempt to force these facts into the language of an Act not
designed to fit them produced grave difficulties for both judge and jury which
we would not wish to see repeated. The appellants’ conduct amounted in
essence, as already stated, to dishonestly gaining access to the relevant
Prestel data bank by a trick. That is not a criminal offence. If it is thought
desirable to make it so, that is a matter for the legislature rather than the
courts.”
This judgment brought the possibilities of cyber-crime and the inadequacy of
existing laws to deal with them to the notice of the legislature of Great Britain. It
led to the enactment of the Computer Misuse Act, 1990. This was among the first
| cyber laws to be enacted. It recognised the following offences:
| (i) Unauthorised access to computer material",
(ii) Unauthorised access with intent to commit or facilitate commission of
further offences’>.
(iii) Unauthorised acts with intent to impair, or with recklessness as to
impairing, operation of computer, etc."®.
@ scanned with OKEN Scanner